US12402186B2 - Authenticator and communication method therefor - Google Patents

Authenticator and communication method therefor

Info

Publication number
US12402186B2
Authority
US
United States
Prior art keywords
authenticator
key
data
client
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US18/034,684
Other versions
US20230403749A1 (en
Inventor
Zhou Lu
Huazhang Yu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd
Assigned to FEITIAN TECHNOLOGIES CO., LTD. Assignment of assignors interest (see document for details). Assignors: LU, Zhou; YU, HUAZHANG
Publication of US20230403749A1
Application granted
Publication of US12402186B2
Legal status: Active
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present invention relates to an authenticator and a method for communicating with the authenticator, and belongs to the field of communication technology.
  • standard Bluetooth adopts system-level pairing, i.e. one Bluetooth device pairing with another Bluetooth device. That kind of pairing has the following shortcomings: on the one hand, after pairing, all applications on one device can use data transferred by the other Bluetooth device, which makes the data unsafe; on the other hand, it is unfriendly to the application UI, because a slave device is connected entirely passively in the connecting process and no master device can be chosen. In addition, communication performed in some connecting processes among Bluetooth devices requires no pairing at all. In those connecting processes sensitive data might be stolen and security is low.
  • the object of the present invention is to provide an authenticator and a communicating method thereof, which can assure that data will not be stolen in the transmitting process and which improve data security in the transmitting process.
  • a communicating method of an authenticator includes the following Steps:
  • an authenticator includes:
  • the client and the authenticator build a Bluetooth pairing connection at application level and perform bidirectional broadcast and scanning authentication in the connecting process; an encrypting key is generated according to a session key after successful authentication and connection; data in the communicating process is encrypted via the encrypting key before it is transferred, which assures that data will not be stolen during any data transferring process.
  • FIG. 1 presents a flow chart of a communicating method of an authenticator provided in Embodiment 1 of the present invention.
  • FIG. 4 is a block diagram of an authenticator device provided in Embodiment 3 of the present invention.
  • Embodiment 1 provides a communicating method of an authenticator, which is adapted to a system including a client and an authenticator.
  • the client is an application installed on a mobile terminal with Bluetooth function and the authenticator has Bluetooth function.
  • the method includes the following steps.
  • Step 101 the authenticator powers up and enters a connecting mode.
  • Step 102 the authenticator scans broadcast data, obtains a first client identification in the broadcast data, obtains a first key stored by the authenticator, verifies the first client identification according to the first key, if verifying is successful, execute Step 103 ; if verifying is failed, rescan broadcast data.
  • Step 103 the authenticator generates a second authenticator identification according to the first key, obtains a second key corresponding to the first key, generates a second session key according to the second key, notifies that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification.
  • Step 104 the authenticator receives a request for building Bluetooth connection sent from the client, builds Bluetooth connection with the client, waits for receiving a handshake command sent from the client, when the handshake command is received, execute Step 105 .
  • Step 106 the authenticator waits for receiving an operating command sent from the client, when the operating command is received, execute Step 107 .
  • Step 107 the authenticator obtains cipher data in the operating command, performs operation via the second session key to obtain a second encrypting key, decrypts the cipher data via the second encrypting key to obtain operating data, performs corresponding operation according to the operating data to obtain operating result data, performs operation on the operating result data via the second encrypting key to obtain operating response data, sends an operating response including the operating response data to the client.
  • before entering the connecting mode, the method further includes: the authenticator determines the activating mode; when the activating mode is a first mode, the authenticator enters the connecting mode; when the activating mode is a second mode, the authenticator enters a pairing mode.
  • the method further includes:
  • before entering the pairing mode, the method further includes: the authenticator and the mobile terminal on which the client is installed build a Bluetooth connection with each other.
  • Step a3 before entering connecting mode, the method further includes: disconnecting Bluetooth connection.
  • verifying the obtained client identification according to the first key specifically is: the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
  • the authenticator generates a second authenticator identification according to the first key specifically is: the authenticator obtains a second preset field stored by the authenticator, concatenates the first client identification and the second preset field orderly, performs operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, takes a preset byte in the fourth data as the second authenticator identification.
  • generating a second session key according to the second key specifically is: the authenticator obtains a first preset data stored by the authenticator and the first random number in the first client identification, performs operation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
  • the authenticator performs operation via the second session key to obtain a second handshake key specifically is: the authenticator obtains a second random number and a second preset data stored by the authenticator, performs operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
  • notifying that verifying the first client identification is successful and stopping scanning and broadcasting broadcast data including the second authenticator identification in Step 103 specifically is: the authenticator sends a request for building Bluetooth connection to the client, builds Bluetooth connection with the client, when the Bluetooth connection is disconnected, the authenticator broadcasts broadcast data including the second authenticator identification.
  • the method further includes: the authenticator sends a first unique identification address to the client and receives a second unique identification address sent from the client:
  • the broadcast data further includes the first unique identification address and the second unique identification address.
  • notifying that verifying the first client identification is successful specifically includes: the authenticator prompts a user to switch state of the client from broadcast state to scanning state via a prompting module.
  • Embodiment 2 provides a communicating method of an authenticator, which is adapted to a system including a client and an authenticator.
  • the client is an application installed on a mobile terminal with Bluetooth function and the authenticator has a Bluetooth function.
  • the method includes the following steps.
  • Step 201 the authenticator powers up, determines activating mode, when the activating mode is a second mode, the authenticator enters pairing mode, execute Step 202 ; when the activating mode is a first mode, the authenticator enters connecting mode, execute Step 206 .
  • that the authenticator powers up specifically is: when a press key of the authenticator is pressed down by a user the authenticator powers up.
  • the activating mode specifically is a type of press key triggering.
  • determining activating mode specifically is: the authenticator determines type of press key, if the type of press key is a first type, the authenticator enters a connecting mode; if the type of press key is a second type, the authenticator enters a pairing mode.
  • the type of press key includes short time pressing key and long time pressing key; in this case, the short time pressing key is a first type, the long time pressing key is a second type.
  • the authenticator determines type of press key specifically is: the authenticator determines type of press key according to a key pressing time period threshold value and time period for pressing and holding the press key, if time period for pressing and holding the press key overpasses the key pressing time period threshold value, the type of the press key is long time pressing key; if time period for pressing and holding the press key does not overpass the key pressing time period threshold value, the type of the press key is short time pressing key.
  • Step 202 the authenticator waits for receiving an extension register command sent from the client, when the extension register command sent from the client is received, execute Step 203 .
  • Step 202 further includes: the authenticator determines whether the received command is an extension register command, if yes, execute Step 203 ; otherwise, no processing is performed.
  • the method further includes: the authenticator and the mobile terminal on which the client is installed build a Bluetooth connection between devices.
  • the extension register command received by the authenticator is data which meets the standard Bluetooth protocol; specifically, the command is transmitted by the client via a Bluetooth connecting transmission layer which is built between the mobile terminal on which the client is installed and the authenticator.
  • extension register command specifically is:
  • Step 203 the authenticator obtains client public key and a client version number in the extension register command, generates an authenticator key pair, generates a first parameter according to the client public key and authenticator private key of the authenticator key pair.
  • generating a first parameter according to the client public key and authenticator private key of the authenticator key pair specifically is: the authenticator generates a first parameter according to the client public key and authenticator private key of the authenticator key pair and a second preset algorithm.
  • the authenticator generates an authenticator key pair specifically is: the authenticator generates an authenticator key pair according to a first preset algorithm; the authenticator key pair includes an authenticator private key and an authenticator public key.
  • the first preset algorithm specifically is algorithm for generating key pair; the authenticator and the client uses a same algorithm for generating key pair.
  • the second preset algorithm can be ECDH algorithm.
  • the authenticator generates a first parameter according to the client public key and authenticator private key of the authenticator key pair and a second preset algorithm specifically is: the authenticator multiplies the authenticator private key with the client public key to obtain a product result, takes the first 32 bytes of the product result as the first parameter.
  • the client public key is:
  • Step 204 the authenticator obtains a first preset data stored by the authenticator, generates an initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter, splits the initial pairing key to obtain a first key and a second key, stores the first key and the second key correspondingly.
  • generating initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter specifically is: the authenticator generates initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter according to a third preset algorithm.
  • the authenticator generates initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter according to a third preset algorithm specifically is: the authenticator obtains a first preset data, concatenates the client version number, the client public key and the authenticator public key orderly and performs hash digest operation on concatenated result to obtain a salt value, takes the first parameter as key to perform operation on the salt value and the first preset data according to a third preset algorithm to obtain initial pairing key.
  • the method further includes: the authenticator stores the first key and the second key correspondingly in an initial pairing key list.
  • the length of the obtained initial pairing key is 32 bytes
  • the first 16 bytes of the obtained initial pairing key is taken as the first key
  • the last 16 bytes of the obtained initial pairing key is taken as the second key.
  • the first preset data is ASCII character string “FIDO caBLE v1 pairing data”
  • the authenticator sends an extension register response, which includes the authenticator public key and the client version number, to the client.
  • extension register response sent to the client specifically is:
  • CableRegistration { version: int, maxVersion: int, authenticatorPublicKey: bytes, }.
  • before entering the connecting mode, the method further includes: disconnecting the Bluetooth connection between devices.
  • Step 206 the authenticator scans broadcast data, obtains a first client identification in the broadcast data, obtains a first key stored by the authenticator, verifies the first client identification according to the first key, if verifying is successful, execute Step 207 ; if verifying is failed, rescan broadcast data.
  • before executing Step 206 , the method further includes: the authenticator activates scanning.
  • verifying the client identification according to the first key specifically is: the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to the fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
  • the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to the fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical specifically is: the authenticator takes the first 8 bytes of the first client identification as a first random number, takes the last 8 bytes of the first client identification as a first data, performs operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
  • Step 206 specifically includes: the authenticator scans broadcast data, obtains the first client identification in the broadcast data, obtains in order each first key in the initial pairing key list stored by the authenticator, verifies the first client identification according to the obtained first key, if verifying is successful, generates a second client identification according to the first key which verified the first client identification successfully, obtains a second key corresponding to the first key, generates a second session key according to the second key, execute Step 303 ; if every first key in the initial pairing key list fails to verify the first client identification, rescan the broadcast data.
  • the first client identification clientEid is:
  • Step 207 the authenticator generates a second authenticator identification according to the first key, obtains the second key corresponding to the first key, generates a second session key according to the second key, notifies that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification.
  • the authenticator generates a second authenticator identification according to the first key specifically is: the authenticator obtains a second preset field stored by the authenticator, concatenates the first client identification and the second preset field orderly, performs operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, takes a preset byte of the fourth data as a second authenticator identification.
  • taking the preset byte of the fourth data as a second authenticator identification specifically is: the authenticator takes the first 16 bytes of the fourth data as a second authenticator identification.
  • Step 207 notifying that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification specifically includes: the authenticator sends a request for building Bluetooth connection to the client, builds Bluetooth connection with the client, when the Bluetooth connection is disconnected, the authenticator broadcasts broadcast data including the second authenticator identification.
  • the method further includes: the authenticator sends a first unique identification address to the client, receives a second unique identification address sent from the client.
  • the broadcast data further includes the first unique identification address and the second unique identification address.
  • the Bluetooth connection is disconnected specifically is: the authenticator sends a request for disconnecting Bluetooth connection to the client, receives a disconnecting response.
  • the Bluetooth connection is disconnected specifically is: the authenticator receives a request for disconnecting Bluetooth connection sent from the client and returns a disconnecting response to the client.
  • Step 207 notifying that verifying the first client identification is successful specifically is: the authenticator prompts a user to switch state of the client from broadcasting state to scanning state via a prompting module.
  • the authenticator broadcasts data according to broadcasting format, specifically, the second authenticator identification is stored in data option of the broadcast data; specifically the second authenticator identification is stored in Service Data option.
  • the second preset field is: “authenticator”,
  • the method specifically includes: the client stops broadcasting, starts scanning broadcast data including the first unique identification address and the second unique identification address, parses the broadcast data obtained by scanning to obtain the second authenticator identification, verifies the second authenticator identification, if verifying is successful, the client sends a request for building Bluetooth connection to the authenticator and builds Bluetooth connection with the authenticator; if verifying is failed, the procedure ends.
  • Step 208 further includes: the authenticator determines whether the received command is a handshake command, if yes, execute Step 209 ; otherwise, disconnect Bluetooth connection.
  • Step 209 the authenticator obtains the client data and the client data digest value in the handshake command, performs operation via the second session key to obtain a second handshake key, verifies the client data via the second handshake key, the client data and the client data digest value, if verifying is successful, the authenticator performs operation on the authenticator data via the second handshake key to obtain an authenticator data digest value, sends a handshake response including the authenticator data and the authenticator data digest value to the client.
  • the authenticator performs operation via the second session key to obtain a second handshake key specifically is: the authenticator obtains a second random number and a second preset data stored by the authenticator, performs operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
  • the authenticator obtains the second random number specifically is: the authenticator takes the first random number as the second random number.
  • verifying the client data according to the second handshake key, the client data and the client data digest value specifically is: the authenticator performs operation on the client data via the handshake key according to the fourth preset algorithm to obtain the client data digest value, determines whether the client data digest value obtained by performing operation is identical to the received client data digest value, if yes, verifying is successful, otherwise, verifying is failed.
  • the authenticator data includes: the client version number, the authenticator preset field and the third random number with 16 bytes generated by the authenticator.
  • the second preset data is ASCII character string “FIDO caBLE v1 handshakeKey”
  • Step 210 the authenticator waits for receiving an operating command sent from the client, when the operating command is received, execute Step 211 .
  • Step 211 the authenticator obtains the cipher data in the operating command, performs operation via the second session key to obtain a second encrypting key, decrypts the cipher data via the second encrypting key to obtain an operating data, performs operation corresponding to the operating data to obtain operating result data, performs operation on the operating result data via the second encrypting key to obtain operating result response data, sends an operating response including operating response data to the client.
  • the authenticator performs operation via the second session key to obtain a second encrypting key specifically is: the authenticator obtains the first random number, the fourth random number in the client data, a third preset data stored by the authenticator, and the third random number, performs operation on the first random number, the fourth random number in the client data, the third random number and the third preset data via the second session key according to the third preset algorithm to obtain a second encrypting key.
  • performing operation on the first random number, the fourth random number in the client data, the third random number and the third preset data via the second session key according to the third preset algorithm to obtain a second encrypting key specifically is: the authenticator performs hash operation on the first random number, the fourth random number in the client data, the third random number to obtain a hash value, performs operation on the hash value and the third preset data via the second session key to obtain a second encrypting key.
  • sending an operating response including operating response data to the client specifically is: the authenticator obtains a count value of a counter, generates a message random number, performs operation on the message random number, data to be encrypted, data head via the second encrypting key to obtain the cipher data, combines the count value, the data head, the message random number and the cipher data to obtain operating result response data, sends the operating result response data to the client.
  • the message random number specifically is combination of the first random number, the counter value and the preset field counter
  • the counter value is: 0x00 (the client) or 0x01 (the authenticator)
  • in Embodiment 2, if the authenticator cannot decrypt the cipher data sent from the client, the authenticator disconnects; likewise, if the client cannot decrypt the cipher data sent from the authenticator, the client disconnects.
  • the third preset data is ASCII character string “FIDO caBLE v1 sessionKey”
  • Embodiment 3 of the present invention provides an authenticator, as shown in FIG. 4 , the authenticator includes:
  • the authenticator further includes:
  • the first verifying module 14 specifically is configured to obtain a first preset field stored by the first verifying module, a first random number and a first data in the first client identification, perform operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determine whether the second data and the first data are identical.
  • the first generating module 15 specifically is configured to obtain a second preset field stored by the first generating module, concatenate the first client identification and the second preset field orderly, perform operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, take a preset byte in the fourth data as the second authenticator identification.
  • the second generating module 16 specifically is configured to obtain a first preset data stored by the second generating module and the first random number in the first client identification, perform operation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
  • the third generating module 19 specifically is configured to obtain the second random number and a second preset data stored by the third generating module, perform operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
  • the notifying module 17 specifically is configured to build a Bluetooth connection with the client and trigger the second broadcasting module when the Bluetooth connection is disconnected.
  • the authenticator further includes a sending and receiving module; the sending and receiving module is configured to send a first unique identification address to the client, receive a second unique identification address sent from the client;
  • the notifying module 17 specifically is configured to prompt a user to switch state of the client from broadcast state to scanning state via a prompting module.
  • the client and the authenticator build a Bluetooth pairing connection at application level and perform bidirectional broadcast and scanning authentication in the connecting process; an encrypting key is generated according to a negotiated key after successful authentication and connection; data in the communicating process is encrypted and transferred via the encrypting key, which assures that data in the transferring process will not be stolen.


Abstract

A communication method for an authenticator, the method comprising: an authenticator is powered on, and enters a connection mode; broadcast data is scanned, a first client identifier in the broadcast data is acquired, and a first key is acquired to verify the first client identifier; if verification is successful, a second authenticator identifier and a second session key are generated, notification is carried out for the successful verification of the first client identifier, scanning is stopped, and broadcast data that comprises the second authenticator identifier is broadcasted; the authenticator receives a request to establish a Bluetooth connection sent by a client, establishes a Bluetooth connection with the client, and performs handshake and encrypted communication operations with the client. According to the present invention, the data in a transmission process is guaranteed to not get stolen, so the data security in the transmission process is improved, and the benefit to the user is thus ensured.

Description

TECHNICAL FIELD
The present invention relates to an authenticator and a method for communicating with the authenticator, and belongs to the field of communication technology.
PRIOR ART
In the prior art, standard Bluetooth adopts system-level pairing, i.e. one Bluetooth device pairing with another Bluetooth device. That kind of pairing has the following shortcomings: on the one hand, after pairing, all applications on one device can use data transferred by the other Bluetooth device, which makes the data unsafe; on the other hand, it is unfriendly to the application UI, since a slave device is connected entirely passively in the connecting process and no master device can be chosen. In addition, communication performed in some connecting processes among Bluetooth devices requires no pairing at all. With those connecting processes, sensitive data might be stolen and security is low.
SUMMARY OF THE INVENTION
The object of the present invention is to provide an authenticator and a communicating method thereof, which can assure that data will not be stolen in transmitting process and data security is improved in transmitting process.
Thus, according to one aspect of the present invention, a communicating method of an authenticator is provided. The method includes the following Steps:
    • S1) the authenticator powers up and enters connecting mode;
    • S2) the authenticator scans broadcast data, obtains a first client identification in the broadcast data, obtains a first key stored by the authenticator, verifies the first client identification according to the first key, if verifying is successful, execute Step S3; if verifying is failed, rescan broadcast data;
    • S3) the authenticator generates a second authenticator identification according to the first key; obtains a second key corresponding to the first key, generates a second session key according to the second key, notifies that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification;
    • S4) the authenticator receives a request for building Bluetooth connection sent from the client, builds Bluetooth connection with the client, waits for receiving a handshake command sent from the client, when the handshake command is received, execute Step S5;
    • S5) the authenticator obtains a second handshake key by performing operation via the second session key, obtains client data and a client data digest value in the handshake command, verifies the client data according to the second handshake key, the client data and the client data digest value, if verifying is successful, the authenticator performs operation on authenticator data via the second handshake key to obtain an authenticator data digest value, sends a handshake response including the authenticator data and the authenticator data digest value to the client;
    • S6) the authenticator waits for receiving an operating command sent from the client, when the operating command is received, execute Step S7; and
    • S7) the authenticator obtains cipher data in the operating command, performs operation via the second session key to obtain a second encrypting key, decrypts the cipher data via the second encrypting key to obtain operating data, performs corresponding operation according to the operating data to obtain operating result data, performs operation on the operating result data via the second encrypting key to obtain operating response data, sends an operating response including the operating response data to the client.
According to another aspect of the present invention, an authenticator is provided. The authenticator includes:
    • a powering and processing module configured to power up and enter connecting mode;
    • a scanning module configured to scan broadcast data and obtain a first client identification in the broadcast data;
    • an obtaining module configured to obtain a first key stored by the obtaining module;
    • a first verifying module configured to verify the first client identification according to a first key;
    • a first generating module configured to generate a second authenticator identification according to the first key;
    • the obtaining module further configured to obtain a second key corresponding to the first key;
    • a second generating module configured to generate a second session key according to the second key;
    • a notifying module configured to notify that verifying the first client identification is successful;
    • a broadcasting module configured to stop scanning and broadcast the broadcast data comprising the second authenticator identification;
    • the obtaining module further configured to obtain client data and a client data digest value according to a handshake command;
    • a third generating module configured to perform operation via the second session key to obtain a second handshake key;
    • a second verifying module configured to verify the client data according to the second handshake key, the client data and the client data digest value;
    • a fourth generating module configured to perform operation on authenticator data via the second handshake key to obtain an authenticator data digest value;
    • a sending module configured to send a handshake response including the authenticator data and the authenticator data digest value to the client;
    • the obtaining module further configured to obtain cipher data in an operating command;
    • a fifth generating module configured to perform operation via the second session key to obtain a second encrypting key;
    • a decrypting and processing module configured to decrypt the cipher data via the second encrypting key to obtain operating data, perform corresponding operation according to the operating data to obtain operating result data, perform operation on the operating result data via the second encrypting key to obtain operating response data;
    • and the second sending module further configured to send an operating response including operating response data to the client.
According to the present invention, based on a Bluetooth connection between the devices, the client and the authenticator build a Bluetooth pairing connection at application level and perform bidirectional broadcast and scanning authentication in the connecting process; an encrypting key is generated according to a session key after successful authentication and connection; data in the communicating process is encrypted and transferred via the encrypting key, which assures that data will not be stolen during any data transferring process. By adopting the method provided by the present invention, data security in the transferring process is improved and the benefit of users is assured.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 presents a flow chart of a communicating method of an authenticator provided in Embodiment 1 of the present invention.
FIG. 2 and FIG. 3 present a flow chart of a communicating method of an authenticator provided in Embodiment 2 of the present invention.
FIG. 4 is a block diagram of an authenticator device provided in Embodiment 3 of the present invention.
DESCRIPTION OF EMBODIMENTS
The embodiments of the present disclosure will be clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present disclosure. It is obvious that the described embodiments are only a part of the embodiments of the present disclosure, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present disclosure without inventive efforts are within the scope of the present disclosure.
Embodiment 1
Embodiment 1 provides a communicating method of an authenticator, which is adapted to a system including a client and an authenticator. The client is an application installed on a mobile terminal with Bluetooth function and the authenticator has Bluetooth function.
As shown in FIG. 1 , the method includes the following steps.
Step 101, the authenticator powers up and enters a connecting mode.
Step 102, the authenticator scans broadcast data, obtains a first client identification in the broadcast data, obtains a first key stored by the authenticator, verifies the first client identification according to the first key, if verifying is successful, execute Step 103; if verifying is failed, rescan broadcast data.
Step 103, the authenticator generates a second authenticator identification according to the first key, obtains a second key corresponding to the first key, generates a second session key according to the second key, notifies that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification.
Step 104, the authenticator receives a request for building Bluetooth connection sent from the client, builds Bluetooth connection with the client, waits for receiving a handshake command sent from the client, when the handshake command is received, execute Step 105.
Step 105, the authenticator obtains a second handshake key by performing operation via the second session key, obtains client data and a client data digest value in the handshake command, verifies the client data according to the second handshake key, the client data and the client data digest value, if verifying is successful, the authenticator performs operation on authenticator data via the second handshake key to obtain an authenticator data digest value, sends a handshake response including the authenticator data and the authenticator data digest value to the client.
Step 106, the authenticator waits for receiving an operating command sent from the client, when the operating command is received, execute Step 107.
Step 107, the authenticator obtains cipher data in the operating command, performs operation via the second session key to obtain a second encrypting key, decrypts the cipher data via the second encrypting key to obtain operating data, performs corresponding operation according to the operating data to obtain operating result data, performs operation on the operating result data via the second encrypting key to obtain operating response data, sends an operating response including the operating response data to the client.
Preferably, in Embodiment 1, before entering connecting mode, the method further includes: the authenticator determines activating mode, when the activating mode is a first mode, the authenticator enters the connecting mode; when the activating mode is a second mode, the authenticator enters a pairing mode.
For entering the pairing mode, the method further includes:
    • Step a1) the authenticator receives an extension register command sent from the client, obtains client public key and a client version number in the extension register command, generates an authenticator key pair, generates a first parameter according to the client public key and authenticator private key of the authenticator key pair;
    • Step a2) the authenticator obtains a first preset data stored by the authenticator, generates initial pairing key according to the client public key, authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter, splits the initial pairing key to obtain a first key and a second key, stores the first key and the second key correspondingly; and
    • Step a3) the authenticator sends an extension register response to the client, the extension register response including the authenticator public key and the client version number, the authenticator enters connecting mode.
Preferably, in Embodiment 1, before entering pairing mode, the method further includes: the authenticator and the mobile terminal on which the client is installed build a Bluetooth connection with each other.
Specifically, in Step a3, before entering connecting mode, the method further includes: disconnecting Bluetooth connection.
Preferably, in Embodiment 1, verifying the obtained client identification according to the first key specifically is: the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
Preferably, in Embodiment 1 the authenticator generates a second authenticator identification according to the first key specifically is: the authenticator obtains a second preset field stored by the authenticator, concatenates the first client identification and the second preset field orderly, performs operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, takes a preset byte in the fourth data as the second authenticator identification.
Preferably, in Embodiment 1, generating a second session key according to the second key specifically is: the authenticator obtains a first preset data stored by the authenticator and the first random number in the first client identification, performs operation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
Preferably, in Embodiment 1 the authenticator performs operation via the second session key to obtain a second handshake key specifically is: the authenticator obtains a second random number and a second preset data stored by the authenticator, performs operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
Preferably, in Embodiment 1, notifying that verifying the first client identification is successful and stopping scanning and broadcasting broadcast data including the second authenticator identification in Step 103 specifically is: the authenticator sends a request for building Bluetooth connection to the client, builds Bluetooth connection with the client, when the Bluetooth connection is disconnected, the authenticator broadcasts broadcast data including the second authenticator identification.
Preferably, in Embodiment 1, after the authenticator and the client build the Bluetooth connection, the method further includes: the authenticator sends a first unique identification address to the client and receives a second unique identification address sent from the client.
In this case, the broadcast data further includes the first unique identification address and the second unique identification address.
Preferably, in Embodiment 1, in Step 103, notifying that verifying the first client identification is successful specifically includes: the authenticator prompts a user to switch state of the client from broadcast state to scanning state via a prompting module.
Embodiment 2
Embodiment 2 provides a communicating method of an authenticator, which is adapted to a system including a client and an authenticator. The client is an application installed on a mobile terminal with Bluetooth function and the authenticator has a Bluetooth function.
As shown in FIG. 2 and FIG. 3 , the method includes the following steps.
Step 201, the authenticator powers up, determines activating mode, when the activating mode is a second mode, the authenticator enters pairing mode, execute Step 202; when the activating mode is a first mode, the authenticator enters connecting mode, execute Step 206.
In Embodiment 2, that the authenticator powers up specifically is: when a press key of the authenticator is pressed down by a user the authenticator powers up.
In this case, the activating mode specifically is a type of press key triggering.
Specifically, determining activating mode specifically is: the authenticator determines type of press key, if the type of press key is a first type, the authenticator enters a connecting mode; if the type of press key is a second type, the authenticator enters a pairing mode.
Specifically, the type of press key includes short time pressing key and long time pressing key; in this case, the short time pressing key is a first type, the long time pressing key is a second type.
More specifically, the authenticator determines type of press key specifically is: the authenticator determines type of press key according to a key pressing time period threshold value and time period for pressing and holding the press key, if time period for pressing and holding the press key exceeds the key pressing time period threshold value, the type of the press key is long time pressing key; if time period for pressing and holding the press key does not exceed the key pressing time period threshold value, the type of the press key is short time pressing key.
Step 202, the authenticator waits for receiving an extension register command sent from the client, when the extension register command sent from the client is received, execute Step 203.
In Embodiment 2, Step 202 further includes: the authenticator determines whether the received command is an extension register command, if yes, execute Step 203; otherwise, no processing is performed.
In Embodiment 2, before Step 202, the method further includes: the authenticator and the mobile terminal on which the client is installed build a Bluetooth connection between the devices.
In Embodiment 2, the extension register command received by the authenticator is data which meets the standard Bluetooth protocol; specifically, the command is transmitted by the client via a Bluetooth connecting transmission layer which is built between the mobile terminal on which the client is installed and the authenticator.
For example, the extension register command specifically is:
dictionary CableRegistrationData {
    required sequence<long> versions;
    required BufferSource rpPublicKey;
}.
Step 203, the authenticator obtains client public key and a client version number in the extension register command, generates an authenticator key pair, generates a first parameter according to the client public key and authenticator private key of the authenticator key pair.
In Embodiment 2, generating a first parameter according to the client public key and authenticator private key of the authenticator key pair specifically is: the authenticator generates a first parameter according to the client public key and authenticator private key of the authenticator key pair and a second preset algorithm.
In Embodiment 2, the authenticator generates an authenticator key pair specifically is: the authenticator generates an authenticator key pair according to a first preset algorithm; the authenticator key pair includes an authenticator private key and an authenticator public key.
In this case, the first preset algorithm specifically is an algorithm for generating a key pair; the authenticator and the client use the same algorithm for generating a key pair.
In this case, the second preset algorithm can be ECDH algorithm.
Specifically, the authenticator generates a first parameter according to the client public key and authenticator private key of the authenticator key pair and a second preset algorithm specifically is: the authenticator multiplies the authenticator private key with the client public key to obtain a product result, takes the first 32 bytes of the product result as the first parameter.
For example, the client public key is:
    • 5F164D70138A35F67FAAEF38E7D4A8C9249A6C8830A4A46C9844B617E9AD15AD3E2BC019CB3984A24AB2173033C9615FBD58542739957227510060CA97F1A2E7;
    • the client version number is: “00000001”;
    • the first preset algorithm is: ECC-256;
    • the authenticator public key is:
    • CCF146DD3FF87173845A576973664EB2BB80861CA10A656ADC526B4075FA06EE52B4A7C65B12CA572441D2354B08E8172BC296925ADEF8E898BCD5FA1189467B;
    • the authenticator private key is:
    • 4C5CD1D426794EB72CBE05D83B9799E48161D7FBFDE4D6B2FFB76A9662C5CFC5;
    • the authenticator multiplies the authenticator private key with the client public key to obtain a product result which is:
    • 8BD9B24EE678018E1CC6C487A55FF3774765F8AB2AF43BDD101F03E172181D1718D86A26245A9808CA09E3048497939D1F314825660DCB14DBEF1F0F6EE619B9;
    • the first parameter is:
    • 8BD9B24EE678018E1CC6C487A55FF3774765F8AB2AF43BDD101F03E172181D17.
Step 204, the authenticator obtains a first preset data stored by the authenticator, generates an initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter, splits the initial pairing key to obtain a first key and a second key, stores the first key and the second key correspondingly.
In Embodiment 2, generating initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter specifically is: the authenticator generates initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter according to a third preset algorithm.
In Embodiment 2, the authenticator generates initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter according to a third preset algorithm specifically is: the authenticator obtains a first preset data, concatenates the client version number, the client public key and the authenticator public key orderly and performs hash digest operation on concatenated result to obtain a salt value, takes the first parameter as key to perform operation on the salt value and the first preset data according to a third preset algorithm to obtain initial pairing key.
In Embodiment 2, the method further includes: the authenticator stores the first key and the second key correspondingly in an initial pairing key list.
In this case, the length of the obtained initial pairing key is 32 bytes, the first 16 bytes of the obtained initial pairing key is taken as the first key, the last 16 bytes of the obtained initial pairing key is taken as the second key.
For example, the first preset data is ASCII character string “FIDO caBLE v1 pairing data”;
    • the third preset algorithm is: (HKDF-SHA-256);
    • the authenticator concatenates the client version number, the client public key and the authenticator public key orderly to obtain a concatenated result which is:
    • 000000015F164D70138A35F67FAAEF38E7D4A8C9249A6C8830A4A46C9844B 617E9AD15AD3E2BC019CB3984A24AB2173033C9615FBD58542739957227510060C A97F1A2E7CCF146DD3FF87173845A576973664EB2BB80861CA10A656ADC526B40 189467B;
    • takes the first parameter as key to perform operation on the salt value and the first preset data according to a third preset algorithm to obtain initial pairing key which is:
    • 8BD9B24EE678018E1CC6C487A55FF3774765F8AB2AF43BDD101F03E172181D17;
    • splits the initial pairing key to obtain a first key which is:
    • 039A77D14CD5077E9DEA7C5B344E1CB35A50433540E55792A2D64BE31571E883;
    • splits the initial pairing key to obtain a second key which is:
    • B66209F7436B16AD3CA177970A266E89A3964B4DEFC9FB9A15665CC1C6031087.
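The derivation in Steps 203 and 204, written out as an added Python example (not code from the patent): ECDH, the SHA-256 salt, HKDF-SHA-256 and the 16/16 split, run once as the authenticator and once as the client. The curve is assumed to be NIST P-256 because the page names ECC-256, the private scalars are constructed, and the on-curve check in `decode_point` is an addition the page does not describe.

```python
import hashlib
import hmac

# NIST P-256 parameters (assumed curve: the page's example names "ECC-256").
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
PAIRING_INFO = b"FIDO caBLE v1 pairing data"  # first preset data, from the page


def point_add(p1, p2):
    """Affine addition on P-256; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add. Not constant time: for illustration, not for devices."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def encode_point(point):
    """Raw X || Y (64 bytes), the layout of the page's example public keys."""
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def decode_point(raw):
    """Parse X || Y and reject values that are not points on the curve."""
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x, y = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")
    if x >= P or y >= P or (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("public key is not on P-256")
    return x, y


def hkdf_sha256(key, salt, info, length=32):
    """RFC 5869 HKDF-SHA-256, limited to a single output block."""
    if length > 32:
        raise ValueError("single-block HKDF: length must be <= 32")
    prk = hmac.new(salt, key, hashlib.sha256).digest()                      # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]  # expand


def derive_pairing_keys(own_priv, peer_pub, version, client_pub, auth_pub):
    """Steps 203-204: returns (first key, second key), 16 bytes each."""
    shared = scalar_mult(own_priv, decode_point(peer_pub))
    first_parameter = encode_point(shared)[:32]       # first 32 bytes = X
    salt = hashlib.sha256(version + client_pub + auth_pub).digest()
    pairing_key = hkdf_sha256(first_parameter, salt, PAIRING_INFO, 32)
    return pairing_key[:16], pairing_key[16:]


def constructed_scalar(label):
    """Deterministic sample private key in [1, N-1]; constructed, not from the page."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % (N - 1) + 1


def pair_both_sides():
    """Run the derivation as the authenticator and as the client."""
    client_priv = constructed_scalar(b"constructed client key")
    auth_priv = constructed_scalar(b"constructed authenticator key")
    client_pub = encode_point(scalar_mult(client_priv, G))
    auth_pub = encode_point(scalar_mult(auth_priv, G))
    version = bytes.fromhex("00000001")               # client version number
    auth_side = derive_pairing_keys(auth_priv, client_pub, version, client_pub, auth_pub)
    client_side = derive_pairing_keys(client_priv, auth_pub, version, client_pub, auth_pub)
    return auth_side, client_side


if __name__ == "__main__":
    auth_side, client_side = pair_both_sides()
    print("first key :", auth_side[0].hex())
    print("second key:", auth_side[1].hex())
    print("both sides agree:", auth_side == client_side)
```

Because the salt hashes the version and both public keys, changing any of them on either side yields a different first and second key, and the broadcast verification in Step 206 then fails.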
Step 205, the authenticator sends an extension register response to the client and enters connecting mode, execute Step 206.
In Embodiment 2, the authenticator sends an extension register response, which includes the authenticator public key and the client version number, to the client.
For example, the extension register response sent to the client specifically is:
CableRegistration = {
    version: int,
    maxVersion: int,
    authenticatorPublicKey: bytes,
}.
In Embodiment 2, before entering connecting mode, the method further includes: disconnecting Bluetooth connection between devices.
Step 206, the authenticator scans broadcast data, obtains a first client identification in the broadcast data, obtains a first key stored by the authenticator, verifies the first client identification according to the first key, if verifying is successful, execute Step 207; if verifying is failed, rescan broadcast data.
In Embodiment 2, before executing Step 206, the method further includes: the authenticator activates scanning.
Preferably, in Embodiment 2, verifying the client identification according to the first key specifically is: the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to the fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
Specifically, the authenticator obtains a first preset field stored by the authenticator, a first random number and a first data in the first client identification, performs operation on the first preset field and the first random number via the first key according to the fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical specifically is: the authenticator takes the first 8 bytes of the first client identification as a first random number, takes the last 8 bytes of the first client identification as a first data, performs operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determines whether the second data and the first data are identical, if yes, verifying is successful; otherwise, verifying is failed.
In Embodiment 2, Step 206 specifically includes: the authenticator scans broadcast data, obtains the first client identification in the broadcast data, obtains in order each first key in the initial pairing key list stored by the authenticator, verifies the first client identification according to the obtained first key, if verifying is successful, generates a second client identification according to the obtained first key which verified the first client identification successfully, obtains a second key corresponding to the first key, generates a second session key according to the second key, execute Step 303; if every first key in the initial pairing key list fails to verify the first client identification, rescan the broadcast data.
For example, the first client identification clientEid is:
    • EB59387103AF03A546D62B1364719F61;
    • the first random number is: EB59387103AF03A5;
    • the first data is: 46D62B1364719F61;
    • the first preset field is: “client”;
    • the fourth preset algorithm specifically is: (HMAC-SHA256).
Step 207, the authenticator generates a second authenticator identification according to the first key, obtains the second key corresponding to the first key, generates a second session key according to the second key, notifies that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification.
In Embodiment 2, the authenticator generates a second authenticator identification according to the first key specifically is: the authenticator obtains a second preset field stored by the authenticator, concatenates the first client identification and the second preset field orderly, performs operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, takes a preset byte of the fourth data as a second authenticator identification.
Specifically, taking the preset byte of the fourth data as a second authenticator identification specifically is: the authenticator takes the first 16 bytes of the fourth data as a second authenticator identification.
Preferably, in Embodiment 2, generating a second session key according to the second key specifically is: the authenticator takes a first preset data stored by the authenticator, performs operation on the first random number and the first preset data via the second key according to the third preset algorithm to obtain a second session key.
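Steps 206 and 207 as an added Python example, not code from the patent: a scanned clientEid is tried against every stored first key, and on a match the authenticatorEid and the second session key are derived. The input order `"client" || nonce`, truncation of the HMAC to its first 8 bytes, the HKDF argument mapping (second key as key, first random number as salt, first preset data as info), the 32-byte session key length and all key and nonce values are assumptions or constructed samples.

```python
import hashlib
import hmac

CLIENT_FIELD = b"client"                      # first preset field, from the page
AUTHENTICATOR_FIELD = b"authenticator"        # second preset field, from the page
FIRST_PRESET_DATA = b"FIDO caBLE v1 pairing data"


def hkdf_sha256(key, salt, info, length=32):
    """RFC 5869 HKDF-SHA-256, limited to a single output block (<= 32 bytes)."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def client_eid_tag(first_key, nonce):
    """Second data: HMAC-SHA256 under the first key, truncated to 8 bytes.
    Assumed input order: "client" || nonce."""
    return hmac.new(first_key, CLIENT_FIELD + nonce, hashlib.sha256).digest()[:8]


def make_client_eid(first_key, nonce):
    """What a paired client broadcasts: nonce (8 bytes) || first data (8 bytes)."""
    return nonce + client_eid_tag(first_key, nonce)


def match_pairing(client_eid, pairing_list):
    """Step 206: try every stored first key; return the matching pair or None."""
    if len(client_eid) != 16:
        return None
    nonce, first_data = client_eid[:8], client_eid[8:]
    match = None
    for first_key, second_key in pairing_list:
        # compare_digest does not reveal how many tag bytes matched
        if hmac.compare_digest(client_eid_tag(first_key, nonce), first_data):
            match = match or (first_key, second_key)
    return match


def derive_authenticator_eid(first_key, client_eid):
    """Fourth data = HMAC(first key, clientEid || "authenticator"); keep 16 bytes."""
    data = hmac.new(first_key, client_eid + AUTHENTICATOR_FIELD, hashlib.sha256)
    return data.digest()[:16]


def derive_session_key(second_key, nonce):
    """Second session key from the second key, the nonce and the first preset data."""
    return hkdf_sha256(second_key, nonce, FIRST_PRESET_DATA, 32)


def handle_broadcast(client_eid, pairing_list):
    """Steps 206-207: (authenticatorEid, session key), or None to keep scanning."""
    match = match_pairing(client_eid, pairing_list)
    if match is None:
        return None
    first_key, second_key = match
    return (derive_authenticator_eid(first_key, client_eid),
            derive_session_key(second_key, client_eid[:8]))


# Constructed sample data: two stored pairings and one fixed nonce.
PAIRINGS = [
    (bytes(range(0x00, 0x10)), bytes(range(0x10, 0x20))),
    (bytes(range(0x20, 0x30)), bytes(range(0x30, 0x40))),
]
NONCE = bytes.fromhex("0102030405060708")


def demo():
    """Feed four constructed broadcasts to the authenticator side."""
    good = make_client_eid(PAIRINGS[1][0], NONCE)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    stranger = make_client_eid(b"\xaa" * 16, NONCE)   # key not in the list
    return {
        "good": handle_broadcast(good, PAIRINGS),
        "tampered": handle_broadcast(tampered, PAIRINGS),
        "stranger": handle_broadcast(stranger, PAIRINGS),
        "short": handle_broadcast(good[:15], PAIRINGS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "rescan" if result is None else result[0].hex())
```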
Preferably, in Embodiment 2, in Step 207, notifying that verifying the first client identification is successful, stops scanning and broadcasts broadcast data including the second authenticator identification specifically includes: the authenticator sends a request for building Bluetooth connection to the client, builds Bluetooth connection with the client, when the Bluetooth connection is disconnected, the authenticator broadcasts broadcast data including the second authenticator identification.
Preferably, in Embodiment 2, after the authenticator builds Bluetooth connection with the client, the method further includes: the authenticator sends a first unique identification address to the client, receives a second unique identification address sent from the client.
In this case, the broadcast data further includes the first unique identification address and the second unique identification address.
Further preferably, the Bluetooth connection is disconnected specifically is: the authenticator sends a request for disconnecting Bluetooth connection to the client, receives a disconnecting response.
More preferably, the Bluetooth connection is disconnected specifically is: the authenticator receives a request for disconnecting Bluetooth connection sent from the client and returns a disconnecting response to the client.
Preferably, in Embodiment 2, in Step 207, notifying that verifying the first client identification is successful specifically is: the authenticator prompts a user to switch state of the client from broadcasting state to scanning state via a prompting module.
In Embodiment 2, the authenticator broadcasts data according to broadcasting format, specifically, the second authenticator identification is stored in data option of the broadcast data; specifically the second authenticator identification is stored in Service Data option.
For example, the second preset field is: “authenticator”,
    • the second authenticator identification authenticatorEid is:
    • 4C7202F777505528DDF467D11BA1CC5F;
    • the second session key sessionPreKey is:
    • E93BCD54F6726030DE871348C44C0D85726796900F8A2C035DF6CE7C11F4498E.
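The scan-and-match logic of Steps 206 and 207 can be sketched as follows. This is an added example, not code from the patent: the pairing keys are constructed, the function names are hypothetical, and the HMAC input order for the client identification (random number followed by "client") and the 8-byte truncation are assumptions inferred from the 16-byte clientEid layout.

```javascript
// Added example (not the patent's code): Steps 206-207 on the authenticator side.
const nodeCrypto = require("node:crypto");

const CLIENT_FIELD = Buffer.from("client", "ascii");               // first preset field
const AUTHENTICATOR_FIELD = Buffer.from("authenticator", "ascii"); // second preset field

// Fourth preset algorithm on the page: HMAC-SHA256 over the concatenated parts.
function hmacSha256(key, ...parts) {
  const h = nodeCrypto.createHmac("sha256", key);
  for (const p of parts) h.update(p);
  return h.digest();
}

// clientEid = first random number (8 bytes) || first data (8 bytes).
// Assumption: second data = first 8 bytes of HMAC(firstKey, random || "client").
function verifyClientEid(firstKey, clientEid) {
  if (clientEid.length !== 16) return false;
  const firstRandom = clientEid.subarray(0, 8);
  const firstData = clientEid.subarray(8, 16);
  const secondData = hmacSha256(firstKey, firstRandom, CLIENT_FIELD).subarray(0, 8);
  // Constant-time comparison so the check does not leak how many bytes matched.
  return nodeCrypto.timingSafeEqual(secondData, firstData);
}

// Walk the pairing key list in order. A null result means "rescan":
// no stored first key verified the broadcast.
function matchBroadcast(pairingKeys, clientEid) {
  for (let i = 0; i < pairingKeys.length; i++) {
    const { firstKey, secondKey } = pairingKeys[i];
    if (!verifyClientEid(firstKey, clientEid)) continue;
    // fourth data = HMAC(firstKey, clientEid || "authenticator"); keep the first 16 bytes.
    const fourthData = hmacSha256(firstKey, clientEid, AUTHENTICATOR_FIELD);
    return {
      index: i,
      secondKey,                                  // input to the session key derivation
      firstRandom: Buffer.from(clientEid.subarray(0, 8)),
      authenticatorEid: Buffer.from(fourthData.subarray(0, 16)),
    };
  }
  return null;
}

// Client-side counterpart: check the authenticator's broadcast before connecting.
function verifyAuthenticatorEid(firstKey, clientEid, authenticatorEid) {
  if (authenticatorEid.length !== 16) return false;
  const expected = hmacSha256(firstKey, clientEid, AUTHENTICATOR_FIELD).subarray(0, 16);
  return nodeCrypto.timingSafeEqual(expected, authenticatorEid);
}

// Constructed helper: what a paired client would broadcast for a given random number.
function makeClientEid(firstKey, firstRandom) {
  const firstData = hmacSha256(firstKey, firstRandom, CLIENT_FIELD).subarray(0, 8);
  return Buffer.concat([firstRandom, firstData]);
}

// Constructed pairing key list (two pairings); not values from the page.
const PAIRING_KEYS = [
  { firstKey: Buffer.alloc(32, 0xa1), secondKey: Buffer.alloc(32, 0xa2) },
  { firstKey: Buffer.alloc(32, 0xb1), secondKey: Buffer.alloc(32, 0xb2) },
];

function demo() {
  const firstRandom = Buffer.from("EB59387103AF03A5", "hex"); // random number from the page
  const clientEid = makeClientEid(PAIRING_KEYS[1].firstKey, firstRandom);
  return matchBroadcast(PAIRING_KEYS, clientEid);
}
```

Because the keys here are constructed, the resulting identifications differ from the clientEid and authenticatorEid values quoted in the text.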
Step 208, the authenticator receives a request for building Bluetooth connection sent from the client, builds Bluetooth connection with the client, waits for receiving a handshake command sent from the client, when the handshake command is received, execute Step 209.
Preferably, in Embodiment 2, before Step 208, the method specifically includes: the client stops broadcasting, starts scanning broadcast data including the first unique identification address and the second unique identification address, parses the broadcast data obtained by scanning to obtain the second authenticator identification, verifies the second authenticator identification, if verifying is successful, the client sends a request for building Bluetooth connection to the authenticator, builds Bluetooth connection with the authenticator, if verifying is failed, the procedure is end.
In Embodiment 2, Step 208 further includes: the authenticator determines whether the received command is a handshake command, if yes, execute Step 209; otherwise, disconnect Bluetooth connection.
Step 209, the authenticator obtains the client data and the client data digest value in the handshake command, performs operation via the second session key to obtain a second handshake key, verifies the client data via the second handshake key, the client data and the client data digest value, if verifying is successful, the authenticator performs operation on the authenticator data via the second handshake key to obtain an authenticator data digest value, sends a handshake response including the authenticator data and the authenticator data digest value to the client.
Preferably, in Embodiment 2, the authenticator performs operation via the second session key to obtain a second handshake key specifically is: the authenticator obtains a second random number and a second preset data stored by the authenticator, performs operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
In Embodiment 2, the authenticator obtains the second random number specifically is: the authenticator takes the first random number as the second random number.
Specifically, verifying the client data according to the second handshake key, the client data and the client data digest value specifically is: the authenticator performs operation on the client data via the handshake key according to the fourth preset algorithm to obtain the client data digest value, determines whether the client data digest value obtained by performing operation is identical to the received client data digest value, if yes, verifying is successful, otherwise, verifying is failed.
In Embodiment 2, performing operation on the authenticator data via the second handshake key to obtain an authenticator data digest value specifically is: the authenticator generates a third random number, takes the client version number, the authenticator preset field and the third random number as authenticator data, performs operation on the authenticator data via the second handshake key according to the fourth preset algorithm to obtain an authenticator data digest value.
Specifically, the authenticator data includes: the client version number, the authenticator preset field and the third random number with 16 bytes generated by the authenticator.
For example, the second preset data is ASCII character string “FIDO caBLE v1 handshakeKey”;
the second handshake key obtained is:
    • 31454C6E1BB6A9D64790C9B1FD1372F85F5DC09072B398317FF0760EACE009A5;
    • the third random number is:
    • 935337A931634E9C22C8EEB080827DF3;
    • the authenticator preset field is:
    • 6361424C45763161757468656E74696361746F7268656C6C6F;
    • the authenticator data is:
    • 6361424C45763161757468656E74696361746F7268656C6C6F935337A931634E9C22C8EEB080827DF3;
    • the authenticator data digest value is: 07808B071C8E69DF1F1BFD13D52F39B8.
Step 210, the authenticator waits for receiving an operating command sent from the client, when the operating command is received, execute Step 211.
Step 211, the authenticator obtains the cipher data in the operating command, performs operation via the second session key to obtain a second encrypting key, decrypts the cipher data via the second encrypting key to obtain an operating data, performs operation corresponding to the operating data to obtain operating result data, performs operation on the operating result data via the second encrypting key to obtain operating result response data, sends an operating response including operating response data to the client.
In Embodiment 2, the authenticator performs operation via the second session key to obtain a second encrypting key specifically is: the authenticator obtains the first random number, the fourth random number in the client data, a third preset data stored by the authenticator, and the third random number, performs operation on the first random number, the fourth random number in the client data, the third random number and the third preset data via the second session key according to the third preset algorithm to obtain a second encrypting key.
Specifically, performing operation on the first random number, the fourth random number in the client data, the third random number and the third preset data via the second session key according to the third preset algorithm to obtain a second encrypting key specifically is: the authenticator performs hash operation on the first random number, the fourth random number in the client data, the third random number to obtain a hash value, performs operation on the hash value and the third preset data via the second session key to obtain a second encrypting key.
Specifically, performing operation on the hash value and the third preset data via the second session key to obtain a second encrypting key specifically is: the authenticator performs operation on the hash value and the third preset data via the second session key according to the third preset algorithm to obtain a second encrypting key.
In Embodiment 2, sending an operating response including operating response data to the client specifically is: the authenticator obtains a count value of a counter, generates a message random number, performs operation on the message random number, data to be encrypted, data head via the second encrypting key to obtain the cipher data, combines the count value, the data head, the message random number and the cipher data to obtain operating result response data, sends the operating result response data to the client.
In Embodiment 2, the authenticator performs operation on the message random number, data to be encrypted, data head via the second encrypting key to obtain the cipher data specifically is: the authenticator performs operation on the message random number, data to be encrypted, data head according to a fifth preset algorithm via the second encrypting key to obtain the cipher data.
Specifically, the message random number is a combination of the first random number, the counter value and the preset field counter;
    • the data head specifically is header: if the sender is the client, the data head header specifically is cmd; if the sender is the authenticator, the data head header specifically is STAT; in this case, STAT specifically is the STAT byte of the FIDO BLE transmission protocol;
    • the fifth preset algorithm specifically is: AES256-GCM;
    • in this case, the counter is a 24 digit message counter; both the counter of the client and the counter of the authenticator are initialized to zero, and the values of both counters are incremented at the same time after a message is sent.
For example, the counter value is: 0x00 (the client) or 0x01 (the authenticator)
    • the message head, header=cmd, or header=STAT;
    • the message random number, messageNonce=nonce (8 bytes)∥Sender (1 byte)∥Counter (3 bytes);
    • the cipher data, chiperDATA=AES256-GCM(key=sessionKey, nonce=messageNonce, plaintext=DATA′, additionalData=Header, taglength=128);
    • if Plaintext=0808080808080808,
    • messageNonce=EB59387103AF03A501000001,
    • sessionKey=6D0D200DFB8A55613AF009D804262CC673A78E1E4293D1E1BF83BC7A54867ECC,
    • the cipher data obtained by performing operation is:
    • chiperdata=44C6F27EBC149F49EE8829DB60E470D0;
    • the operating response data obtained by combining the counter value, the data head, the message random number and the cipher data specifically is:
    • 0x01+cmd+messagenonce+chiperdata.
In Embodiment 2, if the authenticator cannot decrypt the cipher data sent from the client, the authenticator disconnects; likewise, if the client cannot decrypt the cipher data sent from the authenticator, the client disconnects.
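The message framing of Step 211, as an added example that is not the patent's code: it builds the 12-byte message nonce, seals a frame laid out as count value + data head + message nonce + cipher data, and on receipt rebuilds the nonce locally so that a replayed or reordered frame is rejected before decryption. The key and the header byte are constructed, a one-byte data head and a receiver-tracked expected counter are assumptions, and the function names are hypothetical.

```javascript
// Added example (not the patent's code): AES256-GCM framing for operating messages.
const nodeCrypto = require("node:crypto");

const SENDER_CLIENT = 0x00;          // "counter value" byte in the page's example
const SENDER_AUTHENTICATOR = 0x01;
const COUNTER_LIMIT = 2 ** 24;       // the Counter field is 3 bytes
const TAG_LEN = 16;                  // taglength=128

// messageNonce = nonce (8 bytes) || Sender (1 byte) || Counter (3 bytes, big-endian)
function buildMessageNonce(firstRandom, sender, counter) {
  if (firstRandom.length !== 8) throw new Error("first random number must be 8 bytes");
  if (!Number.isInteger(counter) || counter < 0 || counter >= COUNTER_LIMIT) {
    // A wrapped counter would repeat a (key, nonce) pair, which breaks AES-GCM.
    throw new Error("counter out of range: derive a new key instead of wrapping");
  }
  const tail = Buffer.alloc(4);
  tail.writeUInt8(sender, 0);
  tail.writeUIntBE(counter, 1, 3);
  return Buffer.concat([firstRandom, tail]);
}

// Frame = count value (1) || data head (1) || message nonce (12) || ciphertext || tag (16)
function sealFrame(key, firstRandom, sender, counter, header, plaintext) {
  const nonce = buildMessageNonce(firstRandom, sender, counter);
  const head = Buffer.from([header]);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(head);                    // additionalData=Header
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([Buffer.from([sender]), head, nonce, body, c.getAuthTag()]);
}

// Returns the plaintext, or null when the receiver must disconnect.
function openFrame(key, firstRandom, peer, expectedCounter, frame) {
  if (frame.length < 2 + 12 + TAG_LEN) return null;
  const sender = frame[0];
  const head = frame.subarray(1, 2);
  const wireNonce = frame.subarray(2, 14);
  const body = frame.subarray(14, frame.length - TAG_LEN);
  const tag = frame.subarray(frame.length - TAG_LEN);
  // Added check: never decrypt under a nonce chosen by the peer. The receiver
  // rebuilds it from its own state and rejects anything that does not match.
  const expected = buildMessageNonce(firstRandom, peer, expectedCounter);
  if (sender !== peer || !wireNonce.equals(expected)) return null;
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, expected, { authTagLength: TAG_LEN });
    d.setAAD(head);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(body), d.final()]); // final() throws on a bad tag
  } catch (err) {
    return null;
  }
}

const SAMPLE_KEY = Buffer.alloc(32, 0x11);                        // constructed key
const FIRST_RANDOM = Buffer.from("EB59387103AF03A5", "hex");      // from the page
const SAMPLE_HEADER = 0x83;                                       // constructed data head byte
const SAMPLE_PLAINTEXT = Buffer.from("0808080808080808", "hex");  // plaintext from the page

function demo() {
  const frame = sealFrame(SAMPLE_KEY, FIRST_RANDOM, SENDER_AUTHENTICATOR, 0,
                          SAMPLE_HEADER, SAMPLE_PLAINTEXT);
  return {
    accepted: openFrame(SAMPLE_KEY, FIRST_RANDOM, SENDER_AUTHENTICATOR, 0, frame),
    replayed: openFrame(SAMPLE_KEY, FIRST_RANDOM, SENDER_AUTHENTICATOR, 1, frame),
  };
}
```

With a 128-bit tag the cipher data is 16 bytes longer than the plaintext, and any change to the data head fails authentication because the head is bound as additional data.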
For example, the third preset data is ASCII character string “FIDO caBLE v1 sessionKey”;
    • the second encrypting key is:
    • 6D0D20CDFB8A55613AF009D804262CC673A78E1E4293D1E1BF83BC7A54867ECC.
Embodiment 3
Embodiment 3 of the present invention provides an authenticator, as shown in FIG. 4 , the authenticator includes:
    • a powering and processing module 11 configured to power up and enter a connecting mode;
    • a scanning module 12 configured to scan broadcast data and obtain a first client identification in the broadcast data;
    • an obtaining module 13 configured to obtain a first key stored by the obtaining module;
    • a first verifying module 14 configured to verify the first client identification according to a first key;
    • a first generating module 15 configured to generate a second authenticator identification according to the first key;
    • the obtaining module 13 further configured to obtain a second key corresponding to the first key;
    • a second generating module 16 configured to generate a second session key according to the second key;
    • a notifying module 17 configured to notify that verifying the first client identification is successful;
    • a broadcasting module 18 configured to stop scanning and broadcast the broadcast data including the second authenticator identification;
    • the obtaining module 13 further configured to obtain client data and a client data digest value according to a handshake command;
    • a third generating module 19 configured to perform operation via the second session key to obtain a second handshake key;
    • a second verifying module 20 configured to verify the client data according to the second handshake key, the client data and the client data digest value;
    • a fourth generating module 21 configured to perform operation on authenticator data via the second handshake key to obtain an authenticator data digest value;
    • a sending module 22 configured to send a handshake response including the authenticator data and the authenticator data digest value to the client;
    • the obtaining module 13 further configured to obtain cipher data in an operating command;
    • a fifth generating module 23 configured to perform operation via the second session key to obtain a second encrypting key;
    • a decrypting and processing module 24 configured to decrypt the cipher data via the second encrypting key to obtain operating data, perform corresponding operation according to the operating data to obtain operating result data, perform operation on the operating result data via the second encrypting key to obtain operating response data;
    • the second sending module 22 further configured to send an operating response including operating response data to the client.
In Embodiment 3, preferably, the authenticator further includes:
    • a determining and processing module configured to determine activating mode;
    • a second obtaining and generating module configured to obtain client public key and a client version number in an obtaining extension register command, generate an authenticator key pair, generate a second parameter according to the client public key and authenticator private key of the authenticator key pair;
    • a second obtaining and generating module further configured to obtain a first preset data stored by the second obtaining and generating module, generate initial pairing key according to the client public key, authenticator public key of the authenticator key pair, the client version number, the first preset data and the second parameter, splits the initial pairing key to obtain a first key and a second key, stores the first key and the second key correspondingly;
    • the sending module further configured to send an extension register response to the client, the extension register response including the authenticator public key and the client version number.
In Embodiment 3, preferably, the first verifying module 14 specifically is configured to obtain a first preset field stored by the first verifying module, a first random number and a first data in the first client identification, perform operation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, determine whether the second data and the first data are identical.
In Embodiment 3, preferably, the first generating module 15 specifically is configured to obtain a second preset field stored by the first generating module, concatenate the first client identification and the second preset field orderly, perform operation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, take a preset byte in the fourth data as the second authenticator identification.
In Embodiment 3, preferably, the second generating module 16 specifically is configured to obtain a first preset data stored by the second generating module and the first random number in the first client identification, perform operation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
In Embodiment 3, preferably, the third generating module 19 specifically is configured to obtain the second random number and a second preset data stored by the third generating module, perform operation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
In Embodiment 3, preferably, the notifying module 17 specifically is configured to build Bluetooth connection with the client, trigger the second broadcasting module when the Bluetooth connection is disconnected.
Preferably, the authenticator further includes a sending and receiving module; the sending and receiving module is configured to send a first unique identification address to the client, receive a second unique identification address sent from the client;
    • the data broadcasted by the second broadcasting module further includes the first unique identification address and the second unique identification address.
In Embodiment 3, preferably, the notifying module 17 specifically is configured to prompt a user to switch state of the client from broadcast state to scanning state via a prompting module.
According to the present invention, based on Bluetooth connection among devices, the client and the authenticator build Bluetooth pairing connection at application level and perform bidirectional broadcast and scanning authentication in the connecting process; an encrypting key is generated according to a negotiated key after successful authentication and connection; data in the communicating process is encrypted and transferred via the encrypting key, which assures that data in the transferring process will not be stolen. By adopting the method provided by the present invention, data security is improved in the transferring process and the benefit of the user is assured.
An authenticator and a communicating method thereof provided by the present disclosure are introduced in detail above. The above description of the embodiments is merely to assist in understanding the method of the present disclosure and its core idea. At the same time, those skilled in the art might make various modifications on specific embodiments or their application scope according to the idea of the present disclosure. Thus, the content of the description above is not a limitation on the present disclosure.

Claims (18)

The invention claimed is:
1. A method for making communication with an authenticator, wherein the method comprises the following Steps:
S1) powering up, by an authenticator, to enter a connecting mode;
S2) scanning, by the authenticator, broadcast data, obtaining a first client identification in the broadcast data, obtaining a first key stored in the authenticator, verifying the first client identification according to the first key, if verifying is successful, executing Step S3; if verifying is failed, rescanning the broadcast data;
S3) generating, by the authenticator, a second authenticator identification according to the first key, obtaining a second key corresponding to the first key, generating a second session key according to the second key, notifying that verifying the first client identification is successful, and stopping scanning and broadcasting the broadcast data comprising the second authenticator identification;
S4) receiving, by the authenticator, a request for building a Bluetooth connection sent from the client, building the Bluetooth connection with the client, waiting for receiving a handshake command sent from the client, and when the handshake command is received, executing Step 105;
S5) obtaining, by the authenticator, client data and a client data digest value in the handshake command, obtaining a second handshake key by performing computation via the second session key, verifying the client data according to the second handshake key, the client data and the client data digest value, if verifying is successful, performing computation on authenticator data via the second handshake key to obtain an authenticator data digest value, and sending a handshake response comprising the authenticator data and the authenticator data digest value to the client, then executing Step S6;
S6) waiting for, by the authenticator, receiving an operating command sent from the client, and when the operating command is received, executing Step S7; and
S7) obtaining, by the authenticator, cipher data in the operating command, performing computation via the second session key to obtain a second encrypting key, decrypting the cipher data via the second encrypting key to obtain operating data, performing corresponding computation according to the operating data to obtain operating result data, performing computation on the operating result data via the second encrypting key to obtain operating response data, and sending an operating response comprising the operating response data to the client.
2. The method of claim 1, wherein before entering the connecting mode, the method further comprises: determining, by the authenticator, an activating mode, when the activating mode is a first mode, entering the connecting mode; when the activating mode is a second mode, entering a pairing mode; for entering the pairing mode, the method further comprises the following Steps:
A1) receiving, by the authenticator, an extension register command sent from the client, obtaining a client public key and a client version number in the extension register command, generating an authenticator key pair, and generating a first parameter according to the client public key and the authenticator private key of the authenticator key pair; A2) obtaining, by the authenticator, a first preset data stored in the authenticator, generating an initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the first parameter, splitting the initial pairing key to obtain a first key and a second key, and storing the first key and the second key correspondingly; A3) sending, by the authenticator, an extension register response to the client, in which the extension register response comprises the authenticator public key and the client version number; then entering, by the authenticator, connecting mode.
3. The method of claim 1, wherein verifying the first client identification according to the first key specifically is: obtaining, by the authenticator, a first preset field stored in the authenticator, a first random number and a first data in the first client identification, performing computation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain a second data, and determining whether the second data and the first data are identical, if yes, verifying being determined successful; otherwise, verifying being determined failed.
4. The method of claim 1, wherein generating, by the authenticator a second authenticator identification according to the first key specifically is: obtaining, by the authenticator, a second preset field stored in the authenticator, concatenating the first client identification and the second preset field orderly, performing computation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain a fourth data, and taking a preset byte in the fourth data as the second authenticator identification.
5. The method of claim 1, wherein generating a second session key according to the second key specifically is: obtaining, by the authenticator, a first preset data stored in the authenticator and the first random number in the first client identification, and performing computation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
6. The method of claim 1, wherein performing computation via the second session key to obtain a second handshake key specifically is: obtaining, by the authenticator, a second random number and a second preset data stored in the authenticator, and performing computation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
7. The method of claim 1, wherein notifying that verifying the first client identification is successful and stopping scanning and broadcasting the broadcast data comprising the second authenticator identification in Step S3 specifically is: sending, by the authenticator, a request for building a Bluetooth connection to the client, building the Bluetooth connection with the client, and when the Bluetooth connection is disconnected, broadcasting, by the authenticator, the broadcast data comprising the second authenticator identification.
8. The method of claim 7, wherein after building the Bluetooth connection with the client, the method further comprises: sending, by the authenticator, a first unique identification address to the client; and receiving a second unique identification address sent from the client;
the broadcast data comprising the first unique identification address and the second unique identification address.
9. The method of claim 1, wherein in Step S3, notifying that verifying the first client identification is successful specifically comprises: prompting, by the authenticator, a user to switch state of the client from a broadcast state to a scanning state via a module for prompting.
10. An authenticator, wherein said authenticator comprises:
a module for powering and processing configured to power up and enter a connecting mode;
a module for scanning configured to scan broadcast data and obtain a first client identification in the broadcast data;
a module for obtaining configured to obtain a first key stored in the module for obtaining;
a first module for verifying the first client identification according to a first key;
a first module for generating a second authenticator identification according to the first key;
in which the module for obtaining is further configured to obtain a second key corresponding to the first key;
a second module for generating a second session key according to the second key;
a module for notifying that verifying the first client identification is successful;
a module for broadcasting configured to stop scanning and broadcast the broadcast data comprising the second authenticator identification;
in which the module for obtaining is further configured to obtain the client data and a client data digest value according to a handshake command;
a third module for generating configured to perform computation via the second session key to obtain a second handshake key;
a second module for verifying the client data according to the second handshake key, the client data and the client data digest value;
a fourth module for generating configured to perform computation on authenticator data via the second handshake key to obtain the authenticator data digest value;
a module for sending configured to send a handshake response comprising the authenticator data and the authenticator data digest value to the client;
in which the module for obtaining is further configured to obtain cipher data in an operating command;
a fifth module for generating configured to perform computation via the second session key to obtain a second encrypting key; and
a module for decrypting and processing configured to decrypt the cipher data via the second encrypting key to obtain operating data, perform corresponding computation according to the operating data to obtain operating result data, perform computation on the operating result data via the second encrypting key to obtain operating response data;
in which the second module for sending is further configured to send an operating response comprising operating response data to the client.
11. The authenticator of claim 10, wherein the authenticator further comprises:
a module for determining and processing configured to determine an activating mode;
a second module for obtaining and generating configured to obtain the client public key and a client version number in an obtaining extension register command, generate an authenticator key pair, generate a second parameter according to the client public key and authenticator private key of the authenticator key pair;
a second module for obtaining and generating is further configured to obtain a first preset data stored in the second module for obtaining and generating, generate an initial pairing key according to the client public key, the authenticator public key of the authenticator key pair, the client version number, the first preset data and the second parameter, split the initial pairing key to obtain a first key and a second key, and store the first key and the second key correspondingly;
the module for sending is further configured to send an extension register response to the client, in which the extension register response comprises the authenticator public key and the client version number.
12. The authenticator of claim 10, wherein the first module for verifying specifically is configured to obtain a first preset field stored in the first module for verifying, a first random number and a first data in the first client identification, perform computation on the first preset field and the first random number via the first key according to a fourth preset algorithm to obtain second data, and determine whether the second data and the first data are identical to each other.
13. The authenticator of claim 10, wherein the first module for generating specifically is configured to obtain a second preset field stored in the first module for generating, concatenate the first client identification and the second preset field orderly, perform computation on the first client identification and the second preset field via the first key according to the fourth preset algorithm to obtain fourth data, and take a preset byte in the fourth data as the second authenticator identification.
14. The authenticator of claim 10, wherein the second module for generating specifically is configured to obtain a first preset data stored in the second module for generating and the first random number in the first client identification, perform computation on the first random number and the first preset data via the second key according to a third preset algorithm to obtain a second session key.
15. The authenticator of claim 10, wherein the third module for generating specifically is configured to obtain the second random number and a second preset data stored in the third module for generating, and perform computation on the second random number and the second preset data via the second session key according to the third preset algorithm to obtain a second handshake key.
16. The authenticator of claim 10, wherein the module for notifying is specifically configured to build a Bluetooth connection with the client, and trigger the second module for broadcasting when the Bluetooth connection is disconnected.
17. The authenticator of claim 16, wherein the authenticator further comprises a module for sending and receiving; the module for sending and receiving is configured to send a first unique identification address to the client, and receive a second unique identification address sent from the client; and
the data broadcasted by the second module for broadcasting further comprises the first unique identification address and the second unique identification address.
18. The authenticator of claim 10, wherein the module for notifying specifically is configured to prompt a user to switch a state of the client from a broadcast state to a scanning state via a module for prompting.
US18/034,684 2020-12-31 2021-11-04 Authenticator and communication method therefor Active 2042-09-22 US12402186B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN202011619762.1A CN112291773B (en) 2020-12-31 2020-12-31 An authenticator and its communication method
CN202011619762.1 2020-12-31
PCT/CN2021/128651 WO2022142718A1 (en) 2020-12-31 2021-11-04 Authenticator and communication method therefor

Publications (2)

Publication Number Publication Date
US20230403749A1 US20230403749A1 (en) 2023-12-14
US12402186B2 US12402186B2 (en) 2025-08-26

Family

ID=74425340

Family Applications (1)

Application Number Title Priority Date Filing Date
US18/034,684 Active 2042-09-22 US12402186B2 (en) 2020-12-31 2021-11-04 Authenticator and communication method therefor

Country Status (3)

Country Link
US (1) US12402186B2 (en)
CN (1) CN112291773B (en)
WO (1) WO2022142718A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112311544B (en) * 2020-12-31 2021-03-16 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
CN112291773B (en) * 2020-12-31 2021-04-06 飞天诚信科技股份有限公司 An authenticator and its communication method
CN113596827B (en) * 2021-07-29 2024-02-13 Oppo广东移动通信有限公司 Key generation method, device, electronic equipment and storage medium
CN113473459A (en) * 2021-08-09 2021-10-01 北京国民安盾科技有限公司 Mobile terminal application level Bluetooth pairing method and system
CN113965361B (en) * 2021-10-12 2024-02-27 广州市国金软件科技有限公司 Communication method for servers

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150372811A1 (en) * 2014-06-18 2015-12-24 Eric Le Saint Efficient methods for authenticated communication
US9780954B2 (en) 2014-02-03 2017-10-03 Tata Consultancy Services Ltd. Computer implemented system and method for lightweight authentication on datagram transport for internet of things
US20170359717A1 (en) * 2016-06-12 2017-12-14 Apple Inc. Session Protocol for Backward Security Between Paired Devices
US20180317071A1 (en) * 2017-04-27 2018-11-01 Thales Avionics, Inc. In-flight entertainment systems with a central bluetooth controller controlling bluetooth connections between passenger terminals and video display units
US20180349242A1 (en) * 2017-06-02 2018-12-06 Apple Inc. Accessory communication control
US20190159030A1 (en) * 2016-07-01 2019-05-23 Lg Electronics Inc. Authentication method and system for device using bluetooth technology
US20200322788A1 (en) * 2019-04-04 2020-10-08 Qualcomm Incorporated Address management for bluetooth devices
US20200382569A1 (en) * 2019-05-31 2020-12-03 Apple Inc. Concurrent audio streaming to multiple wireless audio output devices
US20200394332A1 (en) * 2018-09-27 2020-12-17 Amber Solutions, Inc. Privacy and the management of permissions
US20210014226A1 (en) * 2018-03-09 2021-01-14 Quantumctek Co., Ltd. Wearable device-based identity authentication method and system
US20220191700A1 (en) * 2019-03-22 2022-06-16 Samsung Electronics Co., Ltd. Communication method and communication device
US12041169B2 (en) * 2019-08-23 2024-07-16 Samsung Electronics Co., Ltd. Electronic device and method, performed by electronic device, of transmitting control command to target device

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1372201A (en) * 2002-04-03 2002-10-02 张平 Novel network safety method
CN105162785B (en) * 2015-09-07 2019-01-04 飞天诚信科技股份有限公司 A kind of method and apparatus registered based on authenticating device
CN105187450B (en) * 2015-10-08 2019-05-10 飞天诚信科技股份有限公司 A method and device for authentication based on an authentication device
CN105450269B (en) * 2015-12-21 2017-09-22 飞天诚信科技股份有限公司 It is a kind of to realize the method and device that secure interactive between bluetooth equipment matches certification
MY181840A (en) * 2016-11-04 2021-01-08 Thomson Licensing Devices and methods for client device authentication
CN107317606B (en) * 2017-07-03 2020-05-19 飞天诚信科技股份有限公司 Bluetooth anti-tracking method and equipment
CN107919963B (en) * 2017-12-27 2020-10-27 飞天诚信科技股份有限公司 Authenticator and implementation method thereof
EP3984262B1 (en) * 2019-06-12 2024-02-28 Telefonaktiebolaget LM Ericsson (publ) Provision of application level identity
CN111355745B (en) * 2020-03-12 2021-07-06 西安电子科技大学 Cross-domain identity authentication method based on edge computing network architecture
CN112311544B (en) * 2020-12-31 2021-03-16 飞天诚信科技股份有限公司 Method and system for communication between server and authenticator
CN112291774B (en) * 2020-12-31 2021-03-16 飞天诚信科技股份有限公司 Method and system for communicating with authenticator
CN112291773B (en) * 2020-12-31 2021-04-06 飞天诚信科技股份有限公司 An authenticator and its communication method

Also Published As

Publication number Publication date
CN112291773B (en) 2021-04-06
CN112291773A (en) 2021-01-29
US20230403749A1 (en) 2023-12-14
WO2022142718A1 (en) 2022-07-07

Similar Documents

Publication Publication Date Title
US12402186B2 (en) Authenticator and communication method therefor
US12309140B2 (en) Method and system for communication between server and authenticator
US12407492B2 (en) Method and system for communicating with authenticator
CN105430605B (en) A kind of method that bluetooth master-slave equipment and the two establish escape way
EP3319295B1 (en) Devices and methods for client device authentication
CN107969001B (en) Method and device for two-way authentication of Bluetooth pairing
US10305684B2 (en) Secure connection method for network device, related apparatus, and system
CN114900304B (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
US10097524B2 (en) Network configuration method, and related apparatus and system
CN106851540A (en) The implementation method and device of a kind of Bluetooth pairing
CN112312393A (en) 5G application access authentication method and 5G application access authentication network architecture
CN100441023C (en) Method for authenticating mobile station, communication system and mobile station
CN108092958B (en) Information authentication method and device, computer equipment and storage medium
US20230052917A1 (en) Pairing method applied to short-range communication system and wireless device
CN107682152B (en) A Group Key Agreement Method Based on Symmetric Cipher
CN112672342B (en) Data transmission method, device, equipment, system and storage medium
EP3413508A1 (en) Devices and methods for client device authentication
CN116847341A (en) Network connection method, terminal, network equipment to be distributed and storage medium
CN102264068A (en) Shared key negotiation method and system, network platform and terminal
CN109257630B (en) Data transmission system, method, device and storage medium in video-on-demand
CN107104888A (en) A kind of safe instant communicating method
CN118741503A (en) A firmware transmission method, device, wireless physical key, target device, medium and product
CN116032548B (en) Access authentication method and device of Internet of things, terminal equipment and gateway equipment
CN102571350A (en) Authentication method and device for optical network unit
WO2010069102A1 (en) Moblie terminal, cipher key transmission method, decrypt method and secrecy communication realizing method

Legal Events

Date Code Title Description
AS Assignment

Owner name: FEITIAN TECHNOLOGIES CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LU, ZHOU;YU, HUAZHANG;REEL/FRAME:063487/0114

Effective date: 20230301

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING TC RESP, ISSUE FEE PAYMENT VERIFIED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE